501296 – Security issue: no screen locking at all

Bug 501296 - Security issue: no screen locking at all

Summary: Security issue: no screen locking at all

Status:	RESOLVED NOT A BUG

Alias:	None

Product:	plasmashell
Classification:	Plasma
Component:	Screen locking (other bugs)
Version First Reported In:	6.3.2
Platform:	Other Linux

Importance:	NOR normal
Target Milestone:	1.0
Assignee:	Plasma Bugs List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2025-03-10 11:52 UTC by JR
Modified:	2025-03-11 06:22 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
*QT_LOGGING_RULES=".debug=true" /usr/libexec/kscreenlocker_greet --testing** (1.63 MB, text/x-log) 2025-03-10 11:52 UTC, JR	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description JR 2025-03-10 11:52:14 UTC

Created attachment 179261 [details]
QT_LOGGING_RULES="*.debug=true" /usr/libexec/kscreenlocker_greet --testing

SUMMARY

Screenlocker does not work at all.

STEPS TO REPRODUCE
1. Start Fedora 41 with latest KDE 6.3.2
2. Login as usual
3a. Hit META + L
3b.  I also tried it with CTRL+ALT+DEL => Sleep with the same results.

OBSERVED RESULT
short black screen before showing the unlocked session.

EXPECTED RESULT
a locked session.

SOFTWARE/OS VERSIONS
Operating System: Fedora Linux 41
KDE Plasma Version: 6.3.2
KDE Frameworks Version: 6.11.0
Qt Version: 6.8.2
Kernel Version: 6.13.5-200.fc41.x86_64 (64-bit)
Graphics Platform: Wayland
Processors: 14 × Intel® Core™ Ultra 5 135U
Memory: 15.0 GiB of RAM
Graphics Processor: Mesa Intel® Graphics
Manufacturer: HP
Product Name: HP EliteBook 860 16 inch G11 Notebook PC
System Version: SBKPF

ADDITIONAL INFORMATION
I attached the output of `$ QT_LOGGING_RULES="*.debug=true" /usr/libexec/kscreenlocker_greet --testing` which i found in other bug descriptions, although i'm not sure what happens/should happen there.

Comment 1 fanzhuyifan 2025-03-11 04:49:27 UTC

> kscreenlocker_greet: [PAM worker kde] Authenticate: Starting authentication
> kscreenlocker_greet: [PAM worker kde-fingerprint] Authenticate: Starting authentication
> kscreenlocker_greet: [PAM worker kde-smartcard] Authenticate: Starting authentication
> kscreenlocker_greet: [PAM worker kde-smartcard] Message: Info message: auth=authinfo_unavail
> kscreenlocker_greet: [PAM worker kde-smartcard] Authenticate: Authentication done, result code: 9 (Authentifizierungsdienst kann Authentifizierungsinformationen nicht abrufen)
....
> kscreenlocker_greet: [PAM worker kde] Authenticate: Authentication done, result code: 0 (Erfolg)

It seems that authentication is started and succeeds. Could you check if you have any custom pam configuration that might be messing things up? Also testing if you could reproduce in a clean user account would be super helpful.

Comment 2 JR 2025-03-11 06:22:43 UTC

OMG sorry to bother you.. It was a configuration problem. During the installation of Fedora it started installing without setting my users credentials which ends up in a user without password set. I forgot to set it afterwards. During a screen lock attempt (META+L) I found the following log line in /var/log/secure:

> Mar 11 06:55:26 computer kscreenlocker_greet[44900]: pam_unix(kde:auth): user [myuser] has blank password; authenticated without it

That's why no locking happens. As it says: authenticated without it.